10 days ago - req21723

IT - Asia Security Risk Manager - Linkou

Other corporate functions

Computer science & software engineering

In a nutshell

Location

Linkou, Taiwan

Team

Other corporate functions

Experience

8+ years

Degree

Bachelor

Job Category

Computer science & software engineering

Travel

10%

Introduction

This role will be responsible for managingand reporting on information security risks in Asia region. In addition, alsowork as Project Coordinator in region when there is any world/region-wide projects be implemented in Asia countries

Job Mission

Ensure informationsecurity risks stays within the risk appetite by (early) identification ofinformation security risks, performing risk assessments and drive riskmitigation. Work as the main contact window in Asia for security projects tomanage the implementation and ensure successful progress to project closure

Job Description

This Manager role willwork together and closely with whole Asia Security team to ensure a wellcommunicated risk policies and processes followed in the region. Withtraining, well-designed risk register and guidance given to the Asia team, toensure appropriate risk management in the Region. By well maintained andtracked risk register showing the risk details and all control details,controls are operating effectively. While RSOs and other resources working onsecurity related topics and issues, to support or guide them with appropriatecorresponding assessments no matter in application, cloud service or evendata protection. With liaised and received supports from Netherlands andright function towers in Information Security Competence Center or SectorRisk Managers.

Additionally, this rolewill also. As main contact window and bridge between Netherlands/localcountries in Asia.
- Designing and implementing an overall riskmanagement process for the region, which also well aligned with what processbeen designed in Netherlands but a model more practical and easy to maintainfor Asia region.
- Performing a risk assessment: Analyzing currentrisks and identifying potential risks that are affecting the company withwhole Asia Security team’s support in each local country.
- To formalize the Asia Risk Register and ensureroutine reviews and updates to show the accurate and latest overview.
- Performing a risk evaluation: Evaluating theregistered risks in Asia. Toward its current handling, potential new riskcreated by improvement actions or potentially by the companybusiness/organizational change or legal requirements
- Risk reporting tailored to the relevant audience.Including consolidated/aligned risk item and description to support RSOs andtheir responsible scope/countries. (For specific and significant, togetherwith RSO to educate the business and to ensure business stakeholdersunderstand the risks that might affect their departments and businessoperations)
- Main contact window when with policy and complianceaudits, include liaising with internal/external auditors while with dedicatedcooperation/supports from RSOs in Asia.
- Building risk awareness amongst Security staffs byproviding support and training
- For the project coordinator role in Asia:
1. Establish and maintain good working relationshipswithin Asia Security/with stakeholders and liaise with other supports tofacilitate successful delivery
2. Monitor project progress, regularly report onprogress, identify and action potential stoppers and issues
3. Communicate gaps in program performance in Asia andescalate as necessary

Education

Bachelor/masterdegree or equivalent combination of education and experience.

Experience

8+ years in information security,operational and/or technology with experience in:
- Conducting Information Security Gap Assessments andRisk Management
- Translating output of security assessment intosecurity plans for the IT service
- Security Awareness training for employees
- Where at least 4 years must include directexperience in operational risk management in information security areas.

Personal skills

- Solid jobexperience in dedicated security roles. CISSP/CISM or comparable ones asplus.
- Knowledge ofproject management (Prince-2 / PMBOK/APMP) as plus. Proven working experiencein project management
- Technical/IT/informaticsbackground bachelor degree.
- Familiar withany IT/Security/Risk assessment frameworks as plus. e.g.
- ISO securityrelated frameworks. E.g. ISO27001
- NISTframeworks related to security. Or any equivalent/well known industrial ones.
- Ability toidentify issues and control weakness, translate complex process, applicationand IT/Information security technical controls into risk
- Additionally,
- Analytical,precise, tenacious, autonomous
- Deeptechnical knowledge of IT/Information Security
- Provenworking experience in project management
- Goodcommunication, time management & multi-tasking skills
- Ability tounderstand broader business issues
- Fluent inEnglish

Context of the position

The positionis based out of the Information Security Asia to the Asia Regional SecurityOfficer which is reporting hierarchically and functionally to the CISO ofASML

Other information

- Passion: Bepassionate about Security and protecting Intellectual Property. Also onlearning new techniques and skills.
- Diplomacy:Through diplomacy and team building handle Security issues in cooperativemanner during mergers and acquisitions.
- BehaveEthically: Understand ethical behavior and business practices, and ensurethat own behavior and the behavior of others is consistent with thesestandards and aligns with the values of the organization.
- Lead:Positively influence others to achieve results that are in the best interestof the organization
- MakeDecisions: Assess situations to determine the importance, urgency and risks,and make clear decisions which are timely and in the best interests of theorganization
- Fluent inEnglish and Mandarin